[clug] Linux Security

Ian Bardsley ifb777 at tpg.com.au
Sun Jun 15 11:20:03 GMT 2008


G'Day Tony

Many thanks for the input.  I had never heard of OpenVPN and having 
googled a little on the topic, this seems to be a pretty sound option, 
although setting OpenVPN up seems somewhat daunting for someone with my 
fairly low level of understanding of the finer points of moving data 
around networks.  Nevertheless, I have found a couple of "How Tos" on 
this topic and I will give this a go over the next few days and see if I 
can make it work.

Just an update for all on my original post: I decided to have a go at 
setting up tunneled SSH from Wagga to my desktop as a way to learn the 
processes involved and as of a couple of evenings ago, my Wagga-based 
family were able to log on to my desktop and copy a file.  This for me is 
a milestone!

Thanks again to all for the input.  Back now to the keyboard.......now 
where's my specs........

Regards

Ian Bardsley

Tony Lewis wrote:
> Ian Bardsley wrote:
>> As I'm sure that at some point they are going to break something with 
>> this system, I have been researching how to set this box up to allow 
>> SSH over the internet through which I plan to tunnel VNC (I hope) in 
>> the hope that I may be able to fix up damage if it occurs without 
>> driving to Wagga.
>
> As a simpler solution, I'm a fan of OpenVPN.  You can then natively 
> VNC or SSH to their box without having to worry about NAT etc.  And 
> once it's running, it's much easier to use in day-to-day operation 
> than tunnelling.
>
> In its narrowest form, it puts a virtual network interface on each of 
> the boxes you connect, and allows you to use normal network 
> connectivity to attach to the box (VNC, SSH etc).  The VPN itself 
> takes care of encrypting and transporting the packet to the other end.
>
> You could go further and allow either or both ends to then route to 
> the networks that these machines are on.  It's a bit more effort to 
> set up, and carries extra security risks, but the ability to attach 
> from any given machine on your network to any given machine on theirs 
> might be useful.  You decide.
>
> There are other things to consider, so in retrospect, maybe it's not 
> such a simple solution.  Worth considering, though.
>
> Tony Lewis
>


